Configure Horizon Connection Server, Security Server, or View Composer to Use a New TLS Certificate


To configure a Connection Server instance, security server, or View Composer instance to use a TLS certificate, you must import the server certificate and the entire certificate chain into the Windows local computer certificate store on the Connection Server, security server, or View Composer host.

About this task

In a pod of replicated Connection Server instances, you must import the server certificate and certificate chain on all instances in the pod.

By default, the Blast Secure Gateway (BSG) uses the TLS certificate that is configured for the Connection Server instance or security server on which the BSG is running. If you replace the default, self-signed certificate for a View server with a CA-signed certificate, the BSG also uses the CA-signed certificate.

Important:

To configure Connection Server or security server to use a certificate, you must change the certificate Friendly name to vdm. Also, the certificate must have an accompanying private key.

If you intend to replace an existing certificate or the default, self-signed certificate with a new certificate after you install View Composer, you must run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer.

Procedure

Before you can add certificates to the Windows Certificate Store, you must add the Certificate snap-in to the Microsoft Management Console (MMC) on the Windows Server host on which the Horizon 7 server is installed.

If the Windows Server host on which Connection Server is installed does not trust the root certificate for the signed TLS server certificate, you must import the root certificate into the Windows local computer certificate store. In addition, if the Connection Server host does not trust the root certificates of the TLS server certificates configured for security server, View Composer, and vCenter Server hosts, you also must import those root certificates.

If you configure a new TLS certificate after you install View Composer, you must run the SviConfig ReplaceCertificate utility to replace the certificate that is bound to the port used by View Composer. This utility unbinds the existing certificate and binds the new certificate to the port.
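The following PowerShell check is an added example, not part of the original VMware documentation. It verifies the prerequisites stated above on a Connection Server or security server host: a certificate with the Friendly name vdm exists, it has an accompanying private key, and its chain builds to a root that the local computer trusts. The function name `Test-VdmCertificate` is hypothetical, and the use of the local computer Personal store (`Cert:\LocalMachine\My`) is an assumption.

```powershell
# Added example: verify the certificate prerequisites described on this page.
# Run in an elevated PowerShell session on the Windows Server host.

function Test-VdmCertificate {
    [CmdletBinding()]
    param(
        [string]$FriendlyName = 'vdm',
        # Assumption: the server certificate lives in the local computer Personal store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $candidates = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.FriendlyName -eq $FriendlyName })

    if ($candidates.Count -eq 0) {
        Write-Warning "No certificate with Friendly name '$FriendlyName' found in $StorePath."
        return
    }

    foreach ($cert in $candidates) {
        # $true = build the chain in the machine context, so only stores that the
        # local computer trusts are consulted (not the current user's stores).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        # Revocation checking is disabled so the check also works on hosts
        # without access to CRL/OCSP endpoints (assumption for this example).
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($cert)
        $now = Get-Date

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey      # must be True
            NotAfter      = $cert.NotAfter
            InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            ChainTrusted  = $chainOk                 # False if a root or intermediate is missing
            ChainLength   = $chain.ChainElements.Count
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
        $chain.Reset()
    }
}

Test-VdmCertificate | Format-List
```

A `ChainStatus` of `UntrustedRoot` or `PartialChain` indicates that the root or an intermediate certificate still has to be imported into the Windows local computer certificate store. In a pod of replicated Connection Server instances, run the check on every instance.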